
Symantec™ Encryption Management Server and Symantec Data ...

Date post: 15-Feb-2022
Symantec™ Encryption Management Server and Symantec Data Loss Prevention Integration Guide

Symantec™ Encryption Management Server and Symantec Data Loss Prevention

Integration Guide


The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Version . Last updated: January 2013.

Legal Notice

Copyright (c) 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
Symantec Home Page (http://www.symantec.com)

Printed in the United States of America. 10 9 8 7 6 5 4 3 2 1


Contents

Introduction
  About integrating Symantec Gateway Email Encryption with Symantec Data Loss Prevention
  Audience and scope
  Integration requirements
  Getting assistance
    Getting product assistance
    Technical Support
    Contacting Technical Support
    Licensing and registration
    Customer service
    Support agreement resources

How email flows through the integrated system
  Network diagrams
  Automatic message forwarding from Symantec Messaging Gateway
  Manual release from Symantec Messaging Gateway quarantine

Symantec Gateway Email Encryption setup
  Enabling integration
  Adding a mail proxy for Symantec Messaging Gateway messages
  Updating mail policy

Symantec Data Loss Prevention setup
  Certificate authentication
  Data Loss Prevention user ID permissions

Symantec Messaging Gateway setup
  Creating a policy to quarantine flagged messages
  Creating a policy to automatically forward flagged messages

Incident reporting

Making sure set up was successful

Understanding the Symantec Encryption Management Server log files

Troubleshooting


1 Introduction

This guide describes the steps required to integrate Symantec Gateway Email Encryption with Symantec Data Loss Prevention (DLP) and Symantec Messaging Gateway (SMG).

About integrating Symantec Gateway Email Encryption with Symantec Data Loss Prevention

Symantec Encryption Management Server now integrates with Symantec Data Loss Prevention Enforce Server (DLP) by securing DLP-flagged messages and automatically updating the incident remediation status in the Data Loss Prevention Enforce Server. This all-in-one solution provides both message protection and built-in compliance reporting.

With this integration, Symantec Messaging Gateway powered by Brightmail (SMG) sends outbound email to Symantec Data Loss Prevention. Symantec Data Loss Prevention scans the email, flags it for security violations or sensitivity, and then sends it back to Symantec Messaging Gateway. Symantec Messaging Gateway sends flagged email on to Symantec Gateway Email Encryption, either automatically or after administrator review. Symantec Gateway Email Encryption processes the email through mail policy. Symantec Gateway Email Encryption then sends status confirmation back to Symantec Data Loss Prevention that the message was encrypted and sent out in compliance with security requirements.

Audience and scope

This guide is written for Symantec Data Loss Prevention, Symantec Messaging Gateway, and Symantec Encryption Management Server administrators. The administrator configures the Symantec Data Loss Prevention and Symantec Messaging Gateway products to work with Symantec Encryption Management Server.

The scope of this guide is to define only the areas where the three products intersect.

This guide contains a summary of the steps required to enable integration on the products. It explains how to configure policies and rules. There is a section that describes how to enable authentication between Symantec Data Loss Prevention and Symantec Encryption Management Server. The guide also explains how to make sure that the products are successfully integrated, and how to understand incident reporting.

Integration requirements

• Mail routed to Symantec Encryption Management Server for encryption must be destined for domain names that do not appear in the Symantec Encryption Management Server managed domain name list. Mail sent to domain names in the managed domain name list may be blocked because the recipient may not have an encryption key nor be eligible for Symantec Encryption Management Server Key Not Found delivery options.

• You must have a Symantec Gateway Email Encryption license for Symantec Encryption Management Server to be able to proxy messages from Symantec Data Loss Prevention and Symantec Messaging Gateway.

• Symantec Data Loss Prevention and Symantec Messaging Gateway must already be integrated:

  • Symantec Messaging Gateway. Use the Symantec Data Loss Prevention Setup interface to enable integration by providing the IP address of the Symantec Data Loss Prevention server.

  • Symantec Data Loss Prevention. Use Symantec Data Loss Prevention Email Quarantine Connect to set up integration with Symantec Messaging Gateway to send DLP-flagged messages to SMG for quarantine.

Getting assistance

For additional resources, see these sections.

Getting product assistance

The following documents and online help are companions to the Symantec Gateway Email Encryption and Symantec Data Loss Prevention Integration Guide. This guide occasionally refers to information that can be found in one or more of these sources:

• Online help is installed and is available in the Symantec Encryption Management Server product.

Detailed information on how to use the Symantec Data Loss Prevention product can be found in these documents:

• Symantec Data Loss Prevention Installation Guide for Windows

• Symantec Data Loss Prevention Administration Guide

Detailed information on how to use the Symantec Messaging Gateway product can be found in these documents:

• Symantec Messaging Gateway Installation Guide

• Symantec Messaging Gateway Administration Guide

Detailed information on how to use Symantec Encryption Management Server can be found in these documents:

• Symantec Encryption Management Server Installation Guide

• Symantec Encryption Management Server Administrator’s Guide

Additional information may also be found in the following:

• Integration Guide – PGP Universal Gateway Email and Symantec Messaging Gateway

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

• A range of support options that give you the flexibility to select the right amount of service for any size organization

• Telephone and/or Web-based support that provides rapid response and up-to-the-minute information

• Upgrade assurance that delivers software upgrades

• Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis

• Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web site at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

• Product release level

• Hardware information

• Available memory, disk space, and NIC information

• Operating system

• Version and patch level

• Network topology

• Router, gateway, and IP address information

• Problem description:

  • Error messages and log files

  • Troubleshooting that was performed before contacting Symantec

  • Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

• Questions regarding product licensing or serialization

• Product registration updates, such as address or name changes

• General product information (features, language availability, local dealers)

• Latest information about product updates and upgrades

• Information about upgrade assurance and support contracts

• Information about the Symantec Buying Programs

• Advice about Symantec's technical support options

• Nontechnical presales questions

• Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan [email protected]

Europe, Middle-East, Africa [email protected]

North America, Latin America [email protected]


2 How email flows through the integrated system

Email travels from the sender to Symantec Messaging Gateway. Symantec Messaging Gateway sends it to Symantec Data Loss Prevention for scanning. Symantec Data Loss Prevention scans it, flags it for security violations or sensitivity, and then sends it back to Symantec Messaging Gateway. Symantec Messaging Gateway reads the flagging, sends on unflagged email, and forwards flagged items to Symantec Encryption Management Server. Symantec Encryption Management Server processes the flagged messages through mail policy and then sends the now-protected messages out.

There are two ways that email can move from Symantec Messaging Gateway to Symantec Encryption Management Server:

• Set Symantec Messaging Gateway to automatically forward all flagged email to Symantec Encryption Management Server; for more information, see Automatic message forwarding from Symantec Messaging Gateway (on page 6).

• Require that Symantec Messaging Gateway quarantine and store flagged messages until they can be reviewed and sent on to Symantec Encryption Management Server by an administrator; for more information, see Manual release from Symantec Messaging Gateway quarantine (on page 6).

Messages flagged by Symantec Data Loss Prevention include two X headers. Symantec Encryption Management Server and Symantec Messaging Gateway identify the messages by recognizing the X headers.

• X-dlp-uniquemsgid. Contains the unique ID for that incident.

• X-dlp-policyid. Contains the IDs of the policies violated by the incident. The header is a comma-separated value listing all violations.

Note: The integration between Symantec Encryption Management Server and Symantec Data Loss Prevention protects outbound email only. It does not apply to inbound and internal messages.
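
The following added example (not part of the Symantec guide) shows one way to check an exported test message for the two X headers before relying on the Symantec Messaging Gateway conditions. The sample messages, the ID values, and the "incomplete" state for a message that carries only one of the headers are assumptions made for illustration.

```python
"""Check an exported outbound message for the two DLP X headers."""
from email import message_from_string
from email.policy import default

UNIQUE_ID_HEADER = "X-dlp-uniquemsgid"   # header names as given in the guide
POLICY_ID_HEADER = "X-dlp-policyid"


def header_values(msg, name):
    """Return the stripped, non-empty values of every occurrence of a header."""
    values = [str(v).strip() for v in msg.get_all(name, [])]
    return [v for v in values if v]


def dlp_flags(raw_message):
    """Summarise the DLP flagging carried by one RFC 5322 message."""
    # The default policy unfolds continuation lines, and header lookup is
    # case-insensitive, so "X-DLP-PolicyID" and a folded value both work.
    msg = message_from_string(raw_message, policy=default)
    incident_ids = header_values(msg, UNIQUE_ID_HEADER)

    # X-dlp-policyid is comma-separated: split it, trim, drop empty items
    # and duplicates while keeping the original order.
    policy_ids = []
    for value in header_values(msg, POLICY_ID_HEADER):
        for item in value.split(","):
            item = item.strip()
            if item and item not in policy_ids:
                policy_ids.append(item)

    if incident_ids and policy_ids:
        state = "flagged"        # both headers present
    elif incident_ids or policy_ids:
        state = "incomplete"     # assumption: one header alone is treated as suspect
    else:
        state = "unflagged"
    return {"state": state, "incident_ids": incident_ids, "policy_ids": policy_ids}


# Constructed sample messages; the ID formats are placeholders.
FLAGGED = (
    "From: sender@example.com\n"
    "To: recipient@example.net\n"
    "Subject: constructed test message\n"
    "X-DLP-UniqueMsgID: EXAMPLE-INCIDENT-0001\n"
    "X-dlp-policyid: 101,\n"
    " 205,,101\n"
    "\n"
    "body\n"
)
INCOMPLETE = (
    "From: sender@example.com\n"
    "X-dlp-policyid: 101\n"
    "\n"
    "body\n"
)
UNFLAGGED = "From: sender@example.com\nSubject: plain\n\nbody\n"

if __name__ == "__main__":
    for label, raw in (("flagged", FLAGGED), ("incomplete", INCOMPLETE),
                       ("unflagged", UNFLAGGED)):
        print(label, dlp_flags(raw))
```
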

In This Chapter

• Network diagrams

• Automatic message forwarding from Symantec Messaging Gateway

• Manual release from Symantec Messaging Gateway quarantine

Network diagrams

Author's note: this section is not yet complete


Automatic message forwarding from Symantec Messaging Gateway

This mail flow describes what happens if Symantec Messaging Gateway automatically forwards all flagged email to Symantec Encryption Management Server.

1 An internal user sends an outbound message.

2 The message arrives at Symantec Data Loss Prevention.

3 Symantec Data Loss Prevention determines that the message violates policy.

4 Symantec Data Loss Prevention adds X-headers to the message to provide the unique ID of the incident and the ID of the violated policy.

5 Symantec Data Loss Prevention sends the messages to Symantec Messaging Gateway.

6 Symantec Messaging Gateway forwards the messages to Symantec Encryption Management Server, triggered by the X-headers added by Symantec Data Loss Prevention.

7 Symantec Encryption Management Server listens for messages released from Symantec Messaging Gateway on a dedicated SMTP mail proxy.

8 Symantec Encryption Management Server mail policy processes the messages through the mail policy chain, which has been configured to process messages from Symantec Messaging Gateway.

9 Symantec Encryption Management Server sends out the messages secured, either encrypted or through other secure delivery methods, or blocks the messages.

10 Symantec Encryption Management Server queues the incidents and sends periodic updates to Symantec Data Loss Prevention.

Manual release from Symantec Messaging Gateway quarantine

This mail flow describes what happens if an administrator must review messages quarantined by Symantec Messaging Gateway.

1 An internal user sends an outbound message.

2 The message arrives at Symantec Data Loss Prevention.

3 Symantec Data Loss Prevention determines that the message violates policy.

4 Symantec Data Loss Prevention adds X-headers to the message to provide the unique ID of the incident and the ID of the violated policy.

5 Symantec Data Loss Prevention sends the messages to Symantec Messaging Gateway for quarantine because the messages violate Symantec Data Loss Prevention policies.


6 The administrator looks at the quarantined messages and decides if they should be sent encrypted. If so, the administrator releases the messages from quarantine to Symantec Encryption Management Server.

7 Symantec Encryption Management Server listens for messages released from Symantec Messaging Gateway on a dedicated SMTP mail proxy.

8 Symantec Encryption Management Server mail policy processes the messages through the mail policy chain, which has been configured to process messages from Symantec Messaging Gateway.

9 Symantec Encryption Management Server sends out the messages secured, either encrypted or through other secure delivery methods, or blocks the messages.

10 Symantec Encryption Management Server queues the incidents and sends periodic updates to Symantec Data Loss Prevention.


3 Symantec Gateway Email Encryption setup

To make Symantec Encryption Management Server ready to work with Symantec Messaging Gateway and Symantec Data Loss Prevention, there are three required tasks.

• Enable and configure integration on Symantec Encryption Management Server through the user interface. For more information, see Enabling integration (on page 9).

• Create a new mail proxy for messages coming from Symantec Messaging Gateway. For more information, see Adding a mail proxy for Symantec Messaging Gateway messages (on page 10).

• Update Symantec Encryption Management Server mail policy to process and handle DLP-flagged messages coming from Symantec Messaging Gateway. For more information, see Updating mail policy (on page 10).

In This Chapter

• Enabling integration

• Adding a mail proxy for Symantec Messaging Gateway messages

• Updating mail policy

Enabling integration

To enable and configure integration with Symantec Data Loss Prevention

1 On the Mail > DLP Integration page, click the Enable Integration checkbox.

2 Type the hostname or IP address for the DLP server with which you want to integrate.

3 Type the user name and password you want to use to authenticate to the DLP server.

4 In the Batch size for status updates field, specify how many status messages you want in each batch update.

5 In the Update interval field, specify how often you want Symantec Encryption Management Server to open a connection with DLP to send status updates.

6 Click Save to start the integration.

The mail log shows that DLP integration is enabled or disabled. The log message does not appear until the first batch interval begins.

The user name and password you use are created on the Symantec Data Loss Prevention server. For more information, see Data Loss Prevention user ID permissions (on page 11).


Best practice: The default batch and interval values are preset to optimize performance. Symantec recommends that you do not change them.

For more information on configuring integration, see "Integrating with Symantec Data Loss Prevention" in the Symantec Encryption Management Server Administrator's Guide.

Adding a mail proxy for Symantec Messaging Gateway messages

Configure a new SMTP outbound mail proxy on Symantec Encryption Management Server. This proxy must listen on the port where Symantec Messaging Gateway sends the Symantec Data Loss Prevention flagged messages. For more information on the Symantec Messaging Gateway port, see Symantec Messaging Gateway setup (on page 13).

For more information on how to set up a mail proxy to listen on the dedicated port that receives messages from Symantec Messaging Gateway, see "Configuring Mail proxies" in the Symantec Encryption Management Server Administrator’s Guide.

Updating mail policy

Update mail policy to process DLP-flagged messages coming from Symantec Messaging Gateway. If you do not, messages will go out in the clear. If mail policy is not configured correctly, you will see an error message in the Mail logs that DLP-flagged messages are going out in the clear.

Configure a new mail rule at the top of the "Outbound" chain:

• Condition: Use the "Port of local connector" condition to select DLP-flagged messages coming from Symantec Messaging Gateway. Specify the local connector port of the proxy where DLP-flagged messages are being sent by Symantec Messaging Gateway, as specified in Adding a mail proxy for Symantec Messaging Gateway messages (on page 10).

• Action: Use the "go to chain" action and choose the "Outbound: Secure Message" chain.

All DLP-flagged messages are sent to the "Outbound: Secure Message" chain to be protected according to mail policy.

For more information on creating mail policy rules, see "Setting Mail Policy" in the Symantec Encryption Management Server Administrator’s Guide.


4 Symantec Data Loss Prevention setup

To make Symantec Data Loss Prevention ready to work with Symantec Encryption Management Server, there are two required tasks.

• Make sure that Symantec Encryption Management Server and Symantec Data Loss Prevention can successfully authenticate using a certificate. For more information, see Certificate authentication (on page 11).

• Create a Symantec Data Loss Prevention user ID for Symantec Encryption Management Server to use to update remediation status. For more information, see Data Loss Prevention user ID permissions (on page 11).

In This Chapter

• Certificate authentication

• Data Loss Prevention user ID permissions

Certificate authentication

Symantec Data Loss Prevention and Symantec Encryption Management Server use certificate authentication to communicate. If Symantec Data Loss Prevention has a self-signed certificate, import the certificate to Symantec Encryption Management Server as a trusted certificate, and select the Trust key for verifying SSL/TLS certificates option. Symantec Data Loss Prevention certificates from publicly-trusted issuers do not need to be imported.

For more information on importing certificates, see "Managing Trusted Keys and Certificates" in Symantec Encryption Management Server Administrator’s Guide.

Data Loss Prevention user ID permissions

Create a Symantec Data Loss Prevention user ID for Symantec Encryption Management Server to use to update remediation status. The Symantec Data Loss Prevention user ID must have the necessary permissions to update remediation status on Symantec Data Loss Prevention Enforce Server. Symantec Data Loss Prevention permissions and roles are configured from the Symantec Data Loss Prevention administrative web interface, and must include the following three permissions:

• View network Incidents

• Actions: Remediate Incidents

• API: Incident Update

For more information, see the Symantec Data Loss Prevention Administration Guide.


5 Symantec Messaging Gateway setup

To make Symantec Messaging Gateway ready to work with Symantec Encryption Management Server and Symantec Data Loss Prevention, there is one required task.

Create a policy to recognize and either quarantine or automatically forward DLP-flagged messages to Symantec Encryption Management Server.

For more information on configuring Symantec Messaging Gateway policies, see the Symantec Messaging Gateway Administration Guide.

In This Chapter

• Creating a policy to quarantine flagged messages

• Creating a policy to automatically forward flagged messages

Creating a policy to quarantine flagged messages

To create a policy quarantining flagged messages

1 From the Symantec Messaging Gateway interface, go to Content > Email.

The Email Content Filtering Policies page appears.

2 Click Add.

3 Select a template to clone, or clone the default template.

4 Name the policy.

5 Apply the policy to outbound messages only.

6 Add conditions that recognize the two X headers described in How email flows through the integrated system (on page 5). Create one condition for each X header: X-dlp-uniquemsgid and X-dlp-policyid.

7 Add the action "Create a quarantine incident."

• Specify an incident folder in which to store the flagged messages.

• Specify what happens to messages based on the action:

  • For "Message review approved actions," choose "Deliver message normally." If the administrator approves the message, it will be delivered to the recipient unprotected, without first being processed by Symantec Encryption Management Server.

  • For "Message Review Rejected Actions," select "Delete message." If the administrator rejects the message, it will be deleted and not delivered at all.

  • For "Message Review Custom Actions," select "Route the message to." If the administrator chooses this, the message goes to Symantec Encryption Management Server to be processed by mail policy. Route the message to the same IP and port information that the Symantec Encryption Management Server SMTP proxy is listening on. For more information on the Symantec Encryption Management Server mail proxy, see Adding a mail proxy for Symantec Messaging Gateway messages (on page 10).

8 Save the policy.

For information on how the messages flow through the integrated system, see Manual release from Symantec Messaging Gateway quarantine (on page 6).

For details on how to create Symantec Messaging Gateway policies, see the Symantec Messaging Gateway Administration Guide.

Creating a policy to automatically forward flagged messages

To create a policy automatically forwarding flagged messages

1 From the Symantec Messaging Gateway interface, go to Content > Email.

The Email Content Filtering Policies page appears.

2 Click Add.

3 Select a template to clone, or clone the default template.

4 Name the policy.

5 Apply the policy to outbound messages only.

6 Add conditions that recognize the two X headers described in How email flows through the integrated system (on page 5). Create one condition for each X header: X-dlp-uniquemsgid and X-dlp-policyid.

7 Add an action to route flagged messages to Symantec Encryption Management Server. Route the message to the same IP and port information that the Symantec Encryption Management Server SMTP proxy is listening on. For more information on the Symantec Encryption Management Server mail proxy, see Adding a mail proxy for Symantec Messaging Gateway messages (on page 10).

8 Save the policy.

For information on how the messages flow through the integrated system, see Automatic message forwarding from Symantec Messaging Gateway (on page 6).

For details on how to create Symantec Messaging Gateway policies, see the Symantec Messaging Gateway Administration Guide.


6 Incident reporting

Symantec Encryption Management Server automatically updates the incident remediation status in the Symantec Data Loss Prevention Enforce Server.

Symantec Encryption Management Server does not send individual status updates for each incident. Rather, Symantec Encryption Management Server aggregates incidents and sends them out in groups at predefined intervals and in predefined numbers to the Symantec Data Loss Prevention Incident Update Service.

The default status update batch size is 1000 messages, with an interval of 5 minutes. Symantec Encryption Management Server opens a new connection to Symantec Data Loss Prevention every 5 minutes, and packages and sends batches in that 5 minutes. At the end of 5 minutes, the connection closes and a new one opens; if there are more batches than can be sent in five minutes, the connection stays open until all batches are sent. You can change the batch size and interval, but the default settings match the Symantec Messaging Gateway default settings for batch and interval. For best performance, do not change these settings.

Symantec Encryption Management Server deletes successfully updated incidents from the list of pending incidents.

Failures to connect to Symantec Data Loss Prevention appear in the Mail log, but no other notification appears if Symantec Encryption Management Server cannot connect to Symantec Data Loss Prevention. If, after 24 hours, Symantec Encryption Management Server fails to connect to Symantec Data Loss Prevention to send an incident update, the incident is deleted. An error message appears in the log if an incident is deleted.

For more information on configuring incident reporting, see "Integrating with Symantec Data Loss Prevention" in the Symantec Encryption Management Server Administrator's Guide.


7 Making sure set up was successful

There is no way to automatically test that the integration is configured correctly. To test the integration, send messages through Symantec Encryption Management Server and examine the logs and reports for errors.

Best practice: Send multiple messages using different formats to thoroughly test the configuration.

For example, send an email, then check the Symantec Data Loss Prevention incident report and the Symantec Encryption Management Server Mail log.

Examine the Symantec Data Loss Prevention incident report to see the status of the successfully updated incident. The incident record shows one of the following:

• The message was sent securely. This entry does not show what method was used, for example encryption or Symantec Universal Web Messenger.

• The message was sent unprotected and in the clear. This is an indication that there is an error in the mail policy configuration.

• Symantec Encryption Management Server bounced the message in accordance with mail policy.

Examine the Symantec Encryption Management Server Mail log:

• The Mail log shows that the incident update service is enabled or disabled.

• The Mail log can show potential errors in mail policy configuration, for example, if the email was sent in the clear.

In This Chapter

• Understanding the Symantec Encryption Management Server log files

• Troubleshooting


8 Understanding the Symantec Encryption Management Server log files

In the Mail log, DLP-related entries are marked with the prefix DLPQUEUE.

The Mail log shows that Symantec Data Loss Prevention incident service is enabled or disabled.

If mail policy is not configured correctly, you will see an error message in the Mail logs that DLP-flagged messages are going out in the clear.

Failures to connect to Symantec Data Loss Prevention appear in the Mail log, but no other notification appears if Symantec Encryption Management Server cannot connect to Symantec Data Loss Prevention. If, after 24 hours, Symantec Encryption Management Server fails to connect to Symantec Data Loss Prevention to send an incident update, the incident is deleted. An error message appears in the log if an incident is deleted.

If the log file shows that a batch fails with the error code NO_INCIDENTS_WITH_GIVEN_CRITERIA, Symantec Encryption Management Server updates each affected incident separately during the next update attempt. If the log file shows that a batch fails with any other error code than NO_INCIDENTS_WITH_GIVEN_CRITERIA, Symantec Encryption Management Server does not retry the incidents in that batch. Instead, it logs the error and deletes the incidents.
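
As an added example (not Symantec code), the script below sorts DLPQUEUE entries by the retry rule described above, so that batches whose incidents were deleted, and messages reported as sent in the clear, stand out. The guide does not show the Mail log layout, so the sample lines, the error-code pattern, the "in the clear" phrase match, and the placeholder code EXAMPLE_OTHER_ERROR are assumptions.

```python
"""Triage DLPQUEUE entries from a Symantec Encryption Management Server Mail log."""
import re

DLP_PREFIX = "DLPQUEUE"                               # prefix named in the guide
RETRYABLE_CODE = "NO_INCIDENTS_WITH_GIVEN_CRITERIA"   # the one code that is retried
# Assumption: error codes are upper-case words joined by underscores.
ERROR_CODE_RE = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b")
# Assumption: the cleartext warning contains this phrase; the exact
# wording of the log message is not given in the guide.
CLEARTEXT_RE = re.compile(r"in the clear", re.IGNORECASE)


def classify(line):
    """Return (category, error_code) for a DLP entry, or None for other lines."""
    if DLP_PREFIX not in line:
        return None
    codes = ERROR_CODE_RE.findall(line)
    other_codes = [c for c in codes if c != RETRYABLE_CODE]
    if other_codes:
        # Any other error code: the batch is not retried and its incidents
        # are deleted, so the DLP incident records stay un-updated.
        return ("deleted", other_codes[0])
    if codes:
        # Each affected incident is updated separately on the next attempt.
        return ("retried", RETRYABLE_CODE)
    if CLEARTEXT_RE.search(line):
        # Mail policy problem: a DLP-flagged message left unprotected.
        return ("cleartext", None)
    return ("info", None)


def triage(lines):
    """Return (line_number, category, error_code) for every DLP entry."""
    findings = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result is not None:
            findings.append((number, *result))
    return findings


def needs_action(findings):
    """Line numbers an administrator should follow up on."""
    return [n for n, category, _ in findings if category in ("deleted", "cleartext")]


# Constructed sample lines; the real Mail log layout may differ.
SAMPLE_LOG = [
    "2013-01-15T10:00:00 DLPQUEUE incident update service enabled",
    "2013-01-15T10:00:02 SMTP connection accepted on local connector",
    "2013-01-15T10:05:00 DLPQUEUE batch update failed: NO_INCIDENTS_WITH_GIVEN_CRITERIA",
    "2013-01-15T10:10:00 DLPQUEUE batch update failed: EXAMPLE_OTHER_ERROR",
    "2013-01-15T10:10:05 DLPQUEUE DLP-flagged message sent in the clear",
]

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for number, category, code in results:
        print(f"line {number}: {category}" + (f" ({code})" if code else ""))
    print("follow up on lines:", needs_action(results))
```
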


9 Troubleshooting

Issue: DLP-flagged messages are not protected.
Resolution: If mail policy is not configured correctly, you will see an error message in the Mail logs that DLP-flagged messages are going out in the clear. Reconfigure mail policy rules and re-test that messages pass through the mail policy chain correctly.

Issue: Mail logs show that the DLP user is not authorized to update incidents, or that incident status was not updated due to authorization failure.
Resolution: Verify that the user has privileges on Data Loss Prevention to update incidents, based on its user role.

Issue: Mail logs show that the DLP username or password is incorrect.
Resolution: Verify that the username and password are correct in Symantec Encryption Management Server and match the username and password in Symantec Data Loss Prevention.

Issue: DLP Incident status update shows flagged messages are not processed as expected.
Resolution: Reconfigure mail policy rules and re-test that messages pass through the mail policy chain correctly.

Issue: In Data Loss Prevention, duplicate entries appear for an incident.
Resolution: This is not an indication of a problem with the configuration. There is no need for further action.

